Application Security Roles

The Application Security Roles (APPROLES) page defines security for the Advantage application based on Security roles and business role types. Some business roles such as Manager and Employee have restricted access to data from some systems such as the Advantage HRM system. Based on the business role through which the user is accessing the application, the user has access to a different subset of data in the application. For example, Employee users can submit their timesheet (transactions) through the TIMEI security resource on the Timesheet landing page when they are logged in as an employee role. However, when the user is logged in as a Benefits Administrator role, the user is allowed to open the Dependent Benefits (DPBN) transaction, which gives the user access to the generic Transaction Catalog. From here the user can also access all timesheet transactions (TIMEI). The security applied from APPROLES restrict access to users in such cases to a subset of data based on the role in which the user is accessing the application. This ability to have different sets of access is granted via the creation of Application Security Roles that are different from a user’s security role.

In addition to the Application Security Roles setup, the User Type field, located on the User to Business Role Association page (USRBROLE) and User Maintenance transactions, utilizes a drop down that contains a range of 10 different User Types (User 1 through User 10). The User Types are mapped to the corresponding application security roles. When a business role with a Role Type Information is associated to a user, they can be set up to fall under a specific User Type. Once the user is tied to a User Type, the type field draws in the Security Role for the user.

Based on the User Type and Application Security Roles set up for the user type, users of different business roles are granted security roles depending on their level of access. Data is displayed to the end users dependent on the security role of the logged in individual.

Field	Description
Business Role Type	An indication that determines how certain Human Resource Management pages (for example; Travel, Time and Leave, and Employee Search) are displayed. It is based on whether a given business role is intended for a manager or an employee. Roles that do not need this distinction should leave the field blank. Valid values include Manager and Employee.
Security Role ID	A unique identification of a security role.
User Type	The level of security access that a user should have for a Business Role Type and Security Role ID combination.
Description	A descriptive field to capture a name, title, or information about a security role.
Precedence	A field to specify the order in which security roles are loaded when a user has more than one security role, During various authorization checks, the system checks the user’s security roles in order of precedence until authority is found or all of the user’s roles have been checked. For performance reasons, the most frequently used security role should be set with the highest precedence (the lowest number used represents the highest precedence).